Security #7067
closed
defrag: off by one leads to possible evasion
Added by Philippe Antoine almost 2 years ago. Updated over 1 year ago.
Severity: HIGH
Disclosure Date: 09/04/2024
GHSA:
Description
Found by oss-fuzz
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69475
Regression on 26th of April, cf. https://github.com/OISF/suricata/compare/ad4185b3c4fdcdfd0eac44a5ddf6bc7484c35bda...4fedba11404ea6548fd2ed319adf4b78a56180b4
Victor, I leave you this new one, cc @Jason Ish
Files
| lolc.pcap (129 KB) | Philippe Antoine, 06/11/2024 08:15 AM |
| lole.pcap (300 Bytes) | Philippe Antoine, 06/11/2024 08:55 AM |
Updated by Philippe Antoine almost 2 years ago #1
Ouch `tracker->ip_hdr_offset` 4 is greater than GET_PKT_LEN(r) 0
Updated by Victor Julien almost 2 years ago #2
Do you have pcap?
Updated by Philippe Antoine almost 2 years ago #3
- File lol.pcap added
The pcap does trigger only on fuzz_decodepcapfile, not on suricata
Updated by Philippe Antoine almost 2 years ago #4
Updated by Philippe Antoine almost 2 years ago #5
- File deleted (lol.pcap)
Updated by Philippe Antoine almost 2 years ago #6
Updated by Victor Julien almost 2 years ago #7
- Status changed from New to Assigned
Updated by Philippe Antoine almost 2 years ago #8
- Status changed from Assigned to In Review
Gitlab MR
Updated by Philippe Antoine almost 2 years ago #9
- Label Needs backport to 7.0 added
Updated by OISF Ticketbot almost 2 years ago #10
- Subtask #7215 added
Updated by OISF Ticketbot almost 2 years ago #11
- Label deleted (Needs backport to 7.0)
Updated by Philippe Antoine over 1 year ago #12
- Tracker changed from Bug to Security
- Severity set to MODERATE
- Disclosure Date set to 09/04/2024
Updated by Victor Julien over 1 year ago #13
- Assignee changed from Victor Julien to Philippe Antoine
Updated by Victor Julien over 1 year ago #14
- Severity changed from MODERATE to HIGH
HIGH as it could potentially lead to loss of visibility, and thus policy bypass.
Updated by Victor Julien over 1 year ago #15
- Subject changed from defrag: DEBUG_VALIDATE_BUG_ON(len > UINT16_MAX); to defrag: off by one leads to possible evasion
Updated by Juliana Fajardini Reichow over 1 year ago #16
- CVE set to 2024-45796
Updated by Philippe Antoine over 1 year ago #17
- Status changed from In Review to Closed
Updated by Victor Julien over 1 year ago #18
- Private changed from Yes to No